Re: Redirect attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, May 12, 2014 at 8:34 PM, Paul Lesniewski <paul@xxxxxxxxxxxxxxxx> wrote:
> On Mon, May 12, 2014 at 7:03 PM, Alex <mysqlstudent@xxxxxxxxx> wrote:
>> Hi,
>>
>> I'm using squirrelmail-1.4.21 on fedora20 with apache-2.4.9 and have the
>> following in my logs:
>>
>> 173.13.167.230 - - [12/May/2014:21:40:53 -0400] "POST
>> /webmail/src/redirect.php HTTP/1.1" 302 - "
>> https://mail.mydomain.com/webmail/src/login.php"; "Mozilla/4.0 (compatible;
>> MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2;
>> .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
>> 3.5.30729)" 2973 2388
>>
>> where mydomain.com is my server. Are these hack attempts? I came across the
>> following on the fail2ban site here
>> http://www.fail2ban.org/wiki/index.php/Talk:SquirrelMail:
>>
>> failregex = <HOST> - - \[.*\] "POST /webmail/src/redirect.php HTTP/1.[01]"
>> 200 \d{1,5} "https?://[^/]+/webmail/src/login.php" ".*"

Note that this is not the same as what you are looking at.  This is a
200 response, which only happens when the login failed for some reason
(user sees failure information instead of getting a 302 redirect),
which is why fail2ban is using it here.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux